By GoldSparrow in Malware

ANTAK is a tool that is part of the wide arsenal of hacking tools of the infamous APT39 (Advanced Persistent Threat) cybercriminal group, which is believed to be based in Iran. The group is notorious for a toolkit that includes keyloggers, RATs, Trojans, info stealers, backdoors and more. In past operations it has targeted travel companies and telecommunication service corporations, and APT39 has also launched attacks against government institutions. With the constant conflicts raging in the Middle East, cyber warfare has also been gaining popularity.

The ANTAK web shell is based on the framework. It can connect to a remote computer and execute PowerShell commands. Before this can happen, however, the authors of ANTAK first have to infiltrate their target so that they can embed ANTAK on it successfully; the victim's machine also has to be connected to the Internet. Once ANTAK has penetrated its target's defenses and planted itself on the system, it can be controlled through a Web browser and given commands to execute. ANTAK is hosted on a server, which makes it easy to access from any Web browser. Naturally, the authors have made sure it is password-protected so that no other intruders can gain access to it.
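The behaviour described above, a browser-controlled web shell that runs PowerShell commands on the compromised server, leaves a characteristic trace: PowerShell is launched by the web server's own worker process rather than by a logged-on user. The following detection rule is an added example written for this article, not code from the original page or from ANTAK itself. It assumes Sysmon-style process-creation events (Event ID 1 with `ParentImage`, `Image` and `CommandLine` fields); the list of web-server worker process names and the sample events are constructed for illustration.

```python
"""Detection example: flag PowerShell spawned by a web-server worker process.

A web shell that executes PowerShell for a remote operator has to start
powershell.exe from inside the web server's process tree. The rule below
looks for exactly that parent/child relationship in process-creation events.

The event records are constructed sample data in a simplified Sysmon-like
shape (Event ID 1), not real telemetry from any incident.
"""
from dataclasses import dataclass
import json

# Worker processes of common Windows web servers / app hosts (assumed list;
# extend it to match the servers actually deployed in your environment).
WEB_SERVER_PARENTS = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat9.exe", "php-cgi.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}


@dataclass(frozen=True)
class Alert:
    host: str
    parent: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_webserver_powershell(events):
    """Return one Alert per process-creation event in which a web-server
    worker process starts PowerShell. Events are dicts with Sysmon-style
    field names (constructed assumption for this example)."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 1:          # only process-creation events
            continue
        parent = _basename(ev.get("ParentImage", ""))
        image = _basename(ev.get("Image", ""))
        if parent in WEB_SERVER_PARENTS and image in POWERSHELL_IMAGES:
            alerts.append(Alert(ev.get("Computer", "?"), parent, image,
                                ev.get("CommandLine", "")))
    return alerts


# Constructed sample events: a user-launched PowerShell (benign), a web worker
# starting conhost (benign), a web worker starting PowerShell (suspicious),
# and a network event that the rule must ignore.
SAMPLE_EVENTS_JSON = r"""
[
 {"EventID": 1, "Computer": "WEB01", "ParentImage": "C:\\Windows\\explorer.exe",
  "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
  "CommandLine": "powershell.exe Get-Process"},
 {"EventID": 1, "Computer": "WEB01", "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
  "Image": "C:\\Windows\\System32\\conhost.exe", "CommandLine": "conhost.exe 0x4"},
 {"EventID": 1, "Computer": "WEB01", "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
  "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
  "CommandLine": "powershell.exe -NoProfile -Command hostname"},
 {"EventID": 3, "Computer": "WEB01", "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
  "DestinationPort": 443}
]
"""


def load_sample_events():
    """Parse the constructed sample events."""
    return json.loads(SAMPLE_EVENTS_JSON)


if __name__ == "__main__":
    for a in detect_webserver_powershell(load_sample_events()):
        print(f"[{a.host}] {a.parent} -> {a.image}: {a.command_line}")
```

On the sample data only the third event fires. In production the same parent/child logic is usually paired with a review of the web root for recently modified script files, since the web shell itself has to live on disk where the server can serve it.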

ANTAK is particularly threatening because if someone has a hold of your PowerShell, they can do just about anything to your computer, including collect data, plant malware, upload and download files, manage your data, etc. Groups such as APT39 are relentless, and governments should certainly do more in prosecuting such hacking groups, which have proven to be a threat no matter where in the world you may be.
